The Elmbrook School District in Wisconsin experienced a data breach that led to the exposure of the names and Social Security numbers of current and former employees, and the breach continued even after the district became aware of it.
Files were removed from the district’s system between August 23 and 27, 2022, according to an investigation. The district’s Chief Strategy Officer, Chris Thompson, said that professional cyber criminals were behind the breach and that the district was fortunate to have an early detection program active.
Additionally, Thompson declined to provide the number of people affected by the breach. The district offered a one-year complimentary credit monitoring service to those affected by the breach. The initial group of affected employees was informed in late September and October 2022.
The district worked with cybersecurity professionals and a third-party company to investigate all the breached files, which identified additional people whose information was compromised.
Thompson said it took longer to identify the others affected by the breach due to the large number of files that had to be reviewed.
At the same ime, former Elmbrook employee Luna Cieslak was among those whose information was compromised. She said that the breach was a great inconvenience and that she had to call her credit card companies and bank to freeze her credit line.
Furthermore, Cieslak had worked in the district as a health room aide for a few years in the 2000s. Thompson said the district had implemented state requirements and storage best practices around personally identifiable information and put in place a training program to increase staff awareness about cybersecurity.
The district has also partnered with a security service firm to provide 24/7 managed services of its network.
